﻿using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.Mvc;
using System.Web.Security;

namespace Archives.Filters
{
    public class ValidateRoles : FilterAttribute, IAuthorizationFilter
    {
        public void OnAuthorization(AuthorizationContext filterContext) 
        {
            if (filterContext.HttpContext.Request.IsAuthenticated)
            {
                if (!Roles.IsUserInRole("Administrators"))
                {
                    ViewResult result = new ViewResult();
                    result.ViewName = "SecurityError";
                    result.ViewBag.ErrorMessage = "You are not authorized to use this page. Please contact administrator!";
                    filterContext.Result = result;
                }
            }
        
        }
    }
}